ABSTRACT


Cloud adoption is accelerating rapidly, driven by cost savings, agility, and efficiency. Whether users are extending internal resources or fully deploying in the cloud, the organization needs to share the responsibility for security with the service provider. This means that while cloud service providers (CSPs) cover the physical and network infrastructures and the virtualization layer, users are responsible for securing the guest operating system, applications, and data, and for meeting compliance regulations. If security doesn’t go beyond the native cloud, then users are probably not meeting their shared responsibility. Users can increase overall protection and reduce administration by building elastic security into cloud architectures. To help with shared responsibility, this paper provides the most complete set of recommended security capabilities and integrations available for cloud services such as AWS, Microsoft Azure, and VMware vCloud Air. When security is integrated with the leading cloud services platforms, cost and complexity go down, making it faster and easier for users to meet security requirements while realizing the operational benefits of the cloud.


Cloud computing provides Internet-based services on a utility basis to the business process. The tenants share a pool of resources that are dispersedly owned and managed. Hence security is a major concern in the cloud environment. Consumers lose control of their data in the cloud environment, and hence a proper trust mechanism is necessary to ensure data security and privacy [1]. Because cloud computing is composed of different local systems and includes members from multiple environments, security in the cloud is complicated. On one side, the security mechanism should provide guarantees that are secure enough for the user; on the other side, it should not be so complex that it puts users in an inconvenient situation. The openness and flexibility of the computer and of popular commercial operating systems have been important factors supporting their widespread adoption. However, that very same openness and flexibility have proved to be a double-edged sword, because they bring complexity, reduce the degree of trust and threaten security. So there should be a balance between security and convenience [2]. While downloading files from the Internet, users unknowingly download harmful software such as key loggers. User-sensitive data such as logins and passwords gets hacked by software such as spyware and Trojans while the user works with the user interface in order to access the web services. The data on the infected computer is no longer safe. Thus, even after taking all the safety measures such as installing antivirus software, there remains the risk of our sensitive data getting hacked when we use the web services of cloud computing [3]. The five essential elements of cloud computing are the following:

a) On-Demand Self-Service: Cloud computing provides cloud resources to users whenever they are required, without any human interaction.

b) Broad Network Access: The computing resources are available over the network (e.g. the Internet) and can be accessed from heterogeneous platforms, such as tablets, PCs, Macs and smartphones.

c) Resource Pooling: The cloud providers serve multiple customers with computing resources. With the pool-based model, clients will not know the location of their stored data.

d) Rapid Elasticity: For consumers, computing resources can be scaled as per the requirement.

e) Measured Service: The cloud infrastructure has a mechanism to measure the services provided to the customers in the shared pool of resources [4].

SECURITY THREATS IN CLOUD COMPUTING

Cloud computing faces various security threats for several reasons: a) Loss of control - users lose control of their data in the cloud environment, and hence the usual cryptographic techniques cannot be directly applied for the purpose of data security. To ensure continuous and long-term data security of the various kinds of data stored in the cloud, the problem of integrity and correctness of stored data in the cloud becomes more challenging. b) Integrity of data - the stored data needs to be frequently updated. Individual users' data is redundantly stored in multiple physical locations to further reduce the data integrity threats. Therefore, distributed protocols for storage correctness assurance will be of the greatest importance in achieving a robust and secure cloud data storage system in the real world. However, this important area remains to be fully explored in the literature [5].

In cloud computing, many users and even resources join or leave the cloud at random. There should be a trustworthy relationship among the users, the resources and the cloud. Establishing this trust relationship is a challenge because of the different security policies of the users and the resources in the cloud. In fact, there will be a Service Level Agreement between the cloud participants to maintain the confidentiality of their data [6]. The traditional way to ensure security of data during transmission and storage is to compress the data and encrypt it [7]. Unencrypted client data cannot be stored in the cloud, because the cloud provider will have access to the data and hence the confidentiality of the data will be lost. Also, a malicious cloud provider can modify the client’s data, and hence the integrity of the data will be lost. An encrypted file system is used to encrypt the user’s data and to create and manage the keys which are used for data encryption and decryption.

The encryption and decryption of files is transparent to the user and the application [8]. Dependable and secure computing includes not only security and confidentiality, but also reliability, availability, safety and integrity [9]. Considering these facts, we propose a new way that is conducive to improving secure and dependable computing in the cloud. Cloud computing provides Internet-based services to customers and businesses, and also provides significantly cost-effective IT resources as on-demand IT, with cost based on the actual usage of the customer.

Cloud computing technology helps companies with much more efficient computing by centralizing resources, but at the risk of data privacy. The diversity of users multiplies the associated risk. Identity management (IDM) is one of the key components in cloud privacy and security. This can improve security and user satisfaction and help reduce some of the problems associated with cloud computing. Identity management can be deployed as a centralized component processing authentication and authorization requests [10].

CLOUD TPA

Employing Trusted Third Party (TTP) services within the cloud leads to the establishment of the necessary trust level and provides ideal solutions to preserve the confidentiality, integrity and authenticity of data and communications [11]. In cryptography, when two parties want to interact with each other and security is their major concern, they can both depend upon and trust this third party. The scope of a TTP within an information system is to provide end-to-end security services which are scalable, based on standards and useful across different domains, geographical areas and specialization sectors. The establishment and the assurance of a trust relationship between two transacting parties shall be concluded as a result of specific acceptances, techniques and mechanisms.

The Third Party reviews all critical transaction communications between the parties, based on the ease of creating fraudulent digital content. Introducing a Trusted Third Party can specifically address the loss of the traditional security boundary by producing trusted security domains. As described by Castell, “A Trusted Third Party is an impartial organization delivering business confidence, through commercial and technical security features, to an electronic transaction. It supplies technically and legally reliable means of carrying out, facilitating, producing independent evidence about and/or arbitrating on an electronic transaction. Its services are provided and underwritten by technical, legal, financial and/or structural means” [12].

This infrastructure leverages a system of digital certificate distribution and a mechanism for associating these certificates with known origin and target sites at each participating server [13]. TTPs are operationally connected through chains of trust (usually called certificate paths) in order to provide a web of trust forming the notion of a Public Key Infrastructure (PKI) [14]. For a good organization it is essential to have a cloud that allows investigation by a single party, which audits the outsourced data to ensure data security and saves the user's computation and data storage. It is very important to provide a public auditing service for cloud data storage, so that the user trusts an independent third party.
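
The following is an added example, not part of the original paper, of how an independent auditor can check outsourced data without storing it. The paper names no auditing protocol; a Merkle hash tree is assumed here, and the function names and sample blocks are constructed for illustration. The owner gives the auditor only the root hash, and the provider answers each spot-check with one block plus its sibling hashes.

```python
import hashlib

def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()

def build_levels(blocks):
    """All tree levels, leaves first; an odd node is paired with itself."""
    level = [_h(b"\x00" + b) for b in blocks]      # 0x00 prefix marks a leaf
    levels = [level]
    while len(level) > 1:
        if len(level) % 2:
            level = level + [level[-1]]
        level = [_h(b"\x01" + level[i] + level[i + 1])  # 0x01 marks an inner node
                 for i in range(0, len(level), 2)]
        levels.append(level)
    return levels

def root(blocks):
    """Owner side: the only value the auditor has to keep."""
    return build_levels(blocks)[-1][0]

def prove(blocks, index):
    """Provider side: sibling hashes from the leaf up to the root."""
    proof = []
    for level in build_levels(blocks)[:-1]:
        if len(level) % 2:
            level = level + [level[-1]]
        proof.append(level[index ^ 1])
        index //= 2
    return proof

def verify(root_hash, index, block, proof):
    """Auditor side: recompute the root from one block and its proof."""
    node = _h(b"\x00" + block)
    for sibling in proof:
        pair = node + sibling if index % 2 == 0 else sibling + node
        node = _h(b"\x01" + pair)
        index //= 2
    return node == root_hash

# Constructed sample data: five blocks of an outsourced file.
BLOCKS = [b"block-%d" % i for i in range(5)]

if __name__ == "__main__":
    r = root(BLOCKS)
    print(verify(r, 2, BLOCKS[2], prove(BLOCKS, 2)))   # intact block
    print(verify(r, 2, b"modified", prove(BLOCKS, 2)))  # altered block
```

The auditor's storage is one 32-byte hash regardless of file size, and each proof grows only with the logarithm of the block count.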

PROPOSED SYSTEM

A. Cloud Security Broker

The Cloud Security Broker provides visibility, control, and data protection through frictionless API integration with the industry’s widest range of clouds. New clouds can be added in minutes, and multi-cloud policy controls provide consistent security across sanctioned business apps. Features include:

Cloud Discovery: provides control over Shadow IT, analyzing network traffic to all cloud apps, identifying and categorizing more than 12,000 clouds, and analyzing risk with over 100 metrics.

Activity Monitoring and Anomaly Detection: creates visibility over users (both internal and external), content, and devices through an intuitive drill-down dashboard.

Compliance Scanning: discovers and classifies new and existing content, with out-of-the-box policies and integration with enterprise DLP systems.

Granular Policy Controls: make it easy to create context-aware policies based on who, what, where, and why, and automatically take appropriate actions to prevent data loss.

Policy-Based Encryption: selectively encrypts sensitive files, preventing them from getting into the wrong hands, while authorized users can decrypt protected files from any device.

Direct Cloud Access: supports users from anywhere on any device, without routing traffic through a corporate gateway, which is ideal for distributed organizations and business partners.

B. Cloud Security Gateway

The Cloud Security Gateway provides inline protection, enabling you to encrypt or tokenize specific data fields while maintaining exclusive control over the encryption keys. Features include:

Zero-Knowledge Protection: unauthorized outsiders or cloud providers have no way to access the data without the keys, which never leave your control.

Standards-Based, Validated Security: uses AES 256-bit encryption and is the only vendor in the space to have passed FIPS 140-2 validation.

Searchable Strong Encryption: provides a transparent user experience while supporting key functions like searching, sorting, reporting, indexing, charts, and more.

Enterprise Key Management: encryption keys never leave your organization and are never available to the cloud provider, preventing accidental or forced disclosure.

Tokenization: meets the most stringent requirements for data residency, as sensitive data never leaves your network and is replaced by random token data in the cloud.

Malware Protection: detects and blocks malware from cloud applications or outside users, closing a gap in most organizations’ AV coverage.
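
The tokenization feature described above can be illustrated with the following added example, which is not from the original paper or from any vendor's product. The field names, token format and class names are assumptions; the vault stands in for a store that stays inside the organization's network.

```python
import secrets

# Hypothetical policy: which record fields must never reach the cloud.
SENSITIVE_FIELDS = {"ssn", "card_number"}
TOKEN_PREFIX = "tok_"


class TokenVault:
    """On-premises mapping between random tokens and the real values."""

    def __init__(self):
        self._by_token = {}   # token -> original value
        self._by_value = {}   # (field, value) -> token

    def tokenize(self, field, value):
        key = (field, value)
        if key not in self._by_value:
            # A random token carries no information about the value it replaces.
            token = TOKEN_PREFIX + secrets.token_hex(16)
            self._by_value[key] = token
            self._by_token[token] = value
        # Reusing the token for a repeated value keeps exact-match search
        # working in the cloud, but also shows the provider which records
        # share a value.
        return self._by_value[key]

    def detokenize(self, token):
        # An unknown token raises KeyError instead of passing through.
        return self._by_token[token]


def outbound(record, vault):
    """Replace sensitive fields before the record leaves the network."""
    return {k: vault.tokenize(k, v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}


def inbound(record, vault):
    """Restore the real values in a record read back from the cloud."""
    return {k: vault.detokenize(v) if k in SENSITIVE_FIELDS else v
            for k, v in record.items()}


# Constructed sample record.
SAMPLE = {"name": "A. Example", "ssn": "000-00-0000", "plan": "gold"}

if __name__ == "__main__":
    vault = TokenVault()
    stored = outbound(SAMPLE, vault)      # what the cloud provider sees
    print(stored)
    print(inbound(stored, vault) == SAMPLE)
```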

CONCLUSIONS

The rapid move to the cloud by all types of organizations has passed a tipping point and the benefits are clear: flexibility, agility, cost savings, future-proofing and more. But this inescapable trend raises many issues for security-conscious organizations, as cloud applications lack consistent visibility, data security, compliance, and control. While the cloud lets you outsource your infrastructure, your responsibility to protect critical business information never goes away. When sensitive data goes to the cloud you can’t be certain that it’s always protected and not exposed to threats, malicious insiders, or forced government disclosure. The cloud makes it easy for your users to share content and collaborate with anyone, but you need tools to make sure that sensitive data doesn’t get into the wrong hands, putting your business at risk.